/**
 * Copyright [2019] [LiBo/Alex of copyright liboware@gmail.com ]
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.hyts.dess.sso.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

/**
 * @project-name:dess
 * @package-name:com.hyts.dess.sso.config
 * @author:LiBo/Alex
 * @create-date:2020-07-18 17:15
 * @copyright:libo-alex4java
 * @email:liboware@gmail.com
 * @description: SSO 单点登录配置类控制对象
 */

@EnableAuthorizationServer
@Configuration
public class WebSSOConfiguration extends AuthorizationServerConfigurerAdapter {

    /**
     * 密码编码器
     */
    @Autowired
    PasswordEncoder passwordEncoder;

    /**
     * 应用服务名称
     */
    @Value("${spring.applicaton.name:dess-sso}")
    String applicationName;

    /**
     * jwtAccessTokenConverter对象转换器
     * @return
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter(){
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setSigningKey(applicationName);
        return jwtAccessTokenConverter;
    }

    /**
     * 配置是否被认证操作通过
     * @param authorizationServerSecurityConfigurer
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
        authorizationServerSecurityConfigurer.allowFormAuthenticationForClients()
                .checkTokenAccess("isAuthenticated()")
                .passwordEncoder(passwordEncoder);
    }

    /**
     * 客户端的配置
     * @param clientDetailsServiceConfigurer
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        //操作处理功能实现机制
        clientDetailsServiceConfigurer.inMemory()
                // client_id
                .withClient("dess-atom")
                // client_secret
                .secret("$2a$10$GqJuJhe7zmtwwThIed7smu9zMJBgSQzFMP47eEDL.g9tg8Y82.A7m")
                //采用什么方式获取access_token
                .authorizedGrantTypes("authorization_code")
                .redirectUris("http://localhost:8081/dess-atom/login")
                .scopes("all")
                //自动授权
                .autoApprove(true)
                .and()
                // client_id
                .withClient("dess-agg")
                // client_secret
                .secret("$2a$10$GqJuJhe7zmtwwThIed7smu9zMJBgSQzFMP47eEDL.g9tg8Y82.A7m")
                //采用什么方式获取access_token
                .authorizedGrantTypes("authorization_code")
                .redirectUris("http://localhost:8082/dess-agg/login")
                .scopes("all")
                .autoApprove(true);
    }

    /**
     * 配置操作处理机制
     * @param authorizationServerEndpointsConfigurer
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
        //配置JWT的生成器
        authorizationServerEndpointsConfigurer.accessTokenConverter(jwtAccessTokenConverter())
                .allowedTokenEndpointRequestMethods(HttpMethod.POST, HttpMethod.GET);
    }
}
